CN101304314B - Methods of encrypting and decrypting data and bus system using the methods - Google Patents
- Publication number
- CN101304314B
- Authority
- CN
- China
- Prior art keywords
- data
- bus
- signal
- module
- synchronizing signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Small-Scale Networks (AREA)
Abstract
Methods of encrypting and decrypting data, and a bus system using the methods are provided. The method of encrypting data includes: performing an operation on data that is to be transmitted through a bus with a key stream generated from a predetermined key so as to encrypt the data; transmitting the encrypted data to a predetermined module through the bus; and transmitting a synchronization signal that is logic high when the encrypted data is transmitted through the bus to the predetermined module. Therefore, an encryption speed is improved and encryption can be simply embodied so that security of data received from the bus can be improved.
Description
This application claims priority from Korean Patent Application No. 10-2007-0044699, filed on May 8, 2007 in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
Technical field
Methods and bus systems consistent with the present invention relate to encrypting and decrypting data.
Background art
Depending on how keys are handled, encryption systems can be divided into public key encryption systems and private key encryption systems. In a public key encryption system, every user has a public key that is available to the public and his or her own private key or secret key. The public key is used to encrypt a file, and the private key is used to decrypt the encrypted file when the file is stored privately. In a private key encryption system, on the other hand, encryption and decryption (decoding) are performed at the same time. Private key encryption systems can be divided into block cipher systems and stream cipher systems.
A block cipher system divides a given plain text into blocks of a fixed length (64 bits or 128 bits) and encrypts it block by block. A stream cipher system, rather than dividing the plain text into blocks, performs an exclusive OR (XOR) operation on the plain text and a key stream derived from a secret key to generate ciphertext. In general, a stream cipher system is faster than a block cipher system.
Fig. 1 is a block diagram of a prior-art stream cipher system.
Referring to Fig. 1, the stream cipher system includes a central processing unit (CPU) 11, a buffer memory 12, a memory controller 13, an encryption/decryption unit 14, an operating unit 15, and an external memory 16.
First, the operation of encrypting data sent from the CPU 11 to the bus is described. When the CPU 11 issues a request to read or write data, the data it generates is unencrypted plain text data, so the data must be encrypted before it is sent over the bus. When the CPU 11 requests to read or write data, the encryption/decryption unit 14 detects the request. A key stream generation unit 141 included in the encryption/decryption unit 14 is synchronized with a clock signal (that is, with the rising edge and/or falling edge of the clock signal) and generates a key stream corresponding to the size of the data. The size of the data can be expressed, for example, as a word count, in which the number of lines, words, or letters is counted by byte or from the input data. The operating unit 15 performs an XOR operation on the key stream and the data, which are synchronized with each other, mapping them one to one in units of bytes, so that the data is encrypted. The encrypted data can then be sent to the outside over the bus.
Second, the operation of decrypting data that was encrypted and sent over the bus, so that the CPU 11 can recognize the data, is described. Encrypted data sent over the bus is delivered from the external memory 16 to the CPU 11 through the memory controller 13 and the buffer memory 12. However, the CPU 11 cannot recognize encrypted data, so decryption is required. When encrypted data is sent from the external memory 16 over the bus, the encryption/decryption unit 14 detects the transfer. The key stream generation unit 141 included in the encryption/decryption unit 14 is synchronized with the clock signal and generates a key stream. The operating unit 15 performs an XOR operation on the key stream and the encrypted data, which are synchronized with each other, mapping them one to one in units of bytes, so that the encrypted data is decrypted. The decrypted data is input to the CPU 11.
Here, the region that includes the CPU 11, the buffer memory 12, the memory controller 13, the encryption/decryption unit 14, and the operating unit 15 can be called a trusted region, and every module outside the trusted region, that is, the external memory 16, can be called an untrusted region. Data sent over the bus in the untrusted region may be exposed to the outside by tapping. Here, tapping means that data sent over the bus is exposed to the outside through other lines. Because the inside of a system on chip (SoC) or a single chip is a trusted region, data there can be protected. However, when different modules are attached to a board, data sent over the bus on the board can be exposed by tapping, so it is difficult to protect data transferred between the different modules.
Summary of the invention
The present invention provides a method of encrypting data by which data can be transmitted securely to each of a plurality of different modules connected by a bus.
The present invention also provides a method of decrypting data by which data can be transmitted securely to each of a plurality of different modules connected by a bus.
The present invention also provides a bus system by which data can be transmitted securely to each of a plurality of different modules connected by a bus, and by which the performance degradation incurred when encrypted or decrypted data is transmitted is reduced.
According to an aspect of the present invention, there is provided a method of encrypting data, the method including: (a) performing an operation on data that is to be transmitted through a bus with a key stream generated from a predetermined key, so as to encrypt the data; (b) transmitting the encrypted data to a predetermined module through the bus; and (c) transmitting a synchronization signal to the predetermined module when the encrypted data is transmitted through the bus.
The method of encrypting data may further include performing an exclusive OR (XOR) operation on the data and the key stream so as to encrypt the data.
The method of encrypting data may further include generating the key stream based on a seed that includes the predetermined key and additional information, wherein the seed is used in common when the encrypted data is decrypted in the module that receives the encrypted data.
The method of encrypting data may further include generating the key stream in synchronization with a clock signal of the bus.
The method of encrypting data may further include synchronizing the synchronization signal with the clock signal of the bus.
The method of encrypting data may further include broadcasting the synchronization signal to at least two predetermined modules.
The method of encrypting data may further include transmitting the synchronization signal through each of a plurality of dedicated lines of the at least two predetermined modules.
The method of encrypting data may further include transmitting the synchronization signal to the bus under the control of a controller of the bus.
The method of encrypting data may further include transmitting the synchronization signal to at least one of a plurality of groups, wherein the plurality of groups include the at least two predetermined modules.
According to another aspect of the present invention, there is provided a computer readable recording medium having recorded thereon a computer program for executing a method of encrypting data, the method including: (a) performing an operation on data that is to be transmitted through a bus with a key stream generated from a predetermined key, so as to encrypt the data; (b) transmitting the encrypted data to a predetermined module through the bus; and (c) transmitting a synchronization signal to the predetermined module when the encrypted data is transmitted through the bus.
According to another aspect of the present invention, there is provided a method of decrypting data, the method including: (a) receiving encrypted data from a predetermined module through a bus; (b) receiving a synchronization signal, wherein the synchronization signal is logic high when the encrypted data is transmitted through the bus; and (c) when the synchronization signal is logic high, performing an operation on the encrypted data with a key stream generated from a predetermined key.
The method of decrypting data may further include synchronizing the synchronization signal with a clock signal of the bus.
The method of decrypting data may further include performing an exclusive OR (XOR) operation on the encrypted data and the key stream so as to decrypt the encrypted data.
According to another aspect of the present invention, there is provided a computer readable recording medium having recorded thereon a computer program for executing a method of decrypting data, the method including: (a) receiving encrypted data from a predetermined module through a bus; (b) receiving a synchronization signal, wherein the synchronization signal is logic high when the encrypted data is transmitted through the bus; and (c) when the synchronization signal is logic high, performing an operation on the encrypted data with a key stream generated from a predetermined key.
According to another aspect of the present invention, there is provided a bus system including at least two modules connected to a bus, wherein each module includes a module core and a wrapper that interfaces the module core with the bus. The wrapper encrypts a first data signal generated by the module core, transmits the first encrypted data signal through the bus, and outputs a first synchronization signal that is logic high when the first encrypted data signal is transmitted through the bus. In addition, when a second data signal is transmitted through the bus, the wrapper decrypts the second data signal received from the bus according to a second synchronization signal that is logic high, and provides the decrypted second data signal to the module core.
The wrapper may include: a stream cipher transmitter that generates a key stream from a predetermined key when the first data signal is generated by the module core; and a stream cipher receiver that generates a key stream according to the second synchronization signal when the second data signal is received from the bus.
The key stream may be generated from a seed that includes the predetermined key and additional information, and the seed may be applied in common to each module.
The wrapper may further include: a first operating unit that performs an exclusive OR (XOR) operation on the key stream and the first data signal to generate the first encrypted data signal; and a second operating unit that performs an XOR operation on the key stream and the second data signal to generate the decrypted second data signal.
In the system, the first synchronization signal and the second synchronization signal may be transmitted through each of a plurality of dedicated lines of the modules.
Description of drawings
The above and other aspects of the present invention will become more apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a block diagram of a prior-art stream cipher system;
Fig. 2 is a block diagram of a bus system in a 1:1 configuration according to an exemplary embodiment of the present invention;
Fig. 3 is a block diagram showing in detail a data transfer operation in a bus system according to an exemplary embodiment of the present invention;
Fig. 4 is a block diagram schematically showing a wrapper included in a bus system according to an exemplary embodiment of the present invention;
Fig. 5 is a block diagram of a bus system in an N:N configuration according to an exemplary embodiment of the present invention;
Fig. 6 is a block diagram showing in detail a method of encrypting and decrypting data in a bus system according to an exemplary embodiment of the present invention;
Fig. 7 is a flow chart showing a method of encrypting data according to an exemplary embodiment of the present invention;
Fig. 8 is a flow chart showing a method of decrypting data according to an exemplary embodiment of the present invention.
Detailed description
Exemplary embodiments are described more fully below with reference to the accompanying drawings, in which the exemplary embodiments are shown. The present invention may, however, be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth here; rather, these embodiments are provided so that this disclosure is thorough and complete and fully conveys the concept of the invention to those skilled in the art. In the drawings, like reference numerals denote like parts, and the sizes and thicknesses of layers and regions are exaggerated for clarity. In addition, the terms used here are defined according to their functions in the present invention. The terms may therefore differ according to the user or operator and according to usage. That is, the terms used here must be understood on the basis of the description given here.
Fig. 2 is a block diagram of a bus system in a 1:1 configuration according to an embodiment of the present invention.
Referring to Fig. 2, the bus system in a 1:1 configuration according to an exemplary embodiment of the present invention includes a first module core 21, a first wrapper 22, a second module core 23, a second wrapper 24, and a bus 25. The first module core 21 and the second module core 23 may each independently be one of a central processing unit (CPU), a peripheral component interconnect (PCI), and a universal asynchronous receiver/transmitter (UART).
The first stream cipher transmitter 221 and the second stream cipher transmitter 242 encrypt data that is to be transmitted via the bus 25. More specifically, the first stream cipher transmitter 221 and the second stream cipher transmitter 242 generate a key stream from a seed that includes a predetermined key and additional information (for example, an initialization vector), and perform an operation on the generated key stream and the data to be transmitted via the bus 25, thereby encrypting the data. For example, the first stream cipher transmitter 221 and the second stream cipher transmitter 242 may perform an XOR operation on the generated key stream and the data to be transmitted via the bus 25, thereby encrypting the data.
The first stream cipher receiver 222 and the second stream cipher receiver 241 decrypt encrypted data received from the bus 25. More specifically, the first stream cipher receiver 222 and the second stream cipher receiver 241 generate a key stream from the seed that includes the predetermined key and the additional information, and perform an operation on the generated key stream and the encrypted data received from the bus 25, thereby decrypting the data. For example, the first stream cipher receiver 222 and the second stream cipher receiver 241 may perform an XOR operation on the generated key stream and the encrypted data received from the bus 25, thereby decrypting the data.
In this case, the first stream cipher transmitter 221 and the second stream cipher transmitter 242, and the first stream cipher receiver 222 and the second stream cipher receiver 241, may have a common seed. More specifically, at power-on, the same seed may be provided to the first stream cipher transmitter 221, the first stream cipher receiver 222, the second stream cipher receiver 241, and the second stream cipher transmitter 242. The first stream cipher transmitter 221, the first stream cipher receiver 222, the second stream cipher receiver 241, and the second stream cipher transmitter 242 can therefore generate the same key stream. However, the order of the key stream that is used may be changed by the synchronization signal of each pair, that is, the pair of the first stream cipher transmitter 221 and the second stream cipher receiver 241 and the pair of the first stream cipher receiver 222 and the second stream cipher transmitter 242. The synchronization signal is described with reference to Fig. 3.
Each of the first stream cipher transmitter 221, the first stream cipher receiver 222, the second stream cipher receiver 241, and the second stream cipher transmitter 242 may use Rivest Cipher 4 (RC4). RC4 is a stream cipher algorithm with a variable key length that operates on bytes, and it supports a very fast encryption speed (compared with block cipher algorithms). However, this is only one exemplary embodiment of the present invention, and it will be apparent to those of ordinary skill in the art that the first stream cipher transmitter 221, the first stream cipher receiver 222, the second stream cipher receiver 241, and the second stream cipher transmitter 242 may use other algorithms.
Fig. 3 is a block diagram showing in detail a data transfer operation in a bus system according to an exemplary embodiment of the present invention.
Referring to Fig. 3, the bus system in a 1:1 configuration according to an exemplary embodiment of the present invention includes a first module wrapper 31, a second module wrapper 32, and a bus 33. The first module wrapper 31 includes a stream cipher transmitter (Tx Sc) 311, and the second module wrapper 32 includes a stream cipher receiver (Rx Sc) 321.
When data is input, the first module wrapper 31 encrypts the data into encrypted data E_DATA in the stream cipher transmitter 311 and transmits the encrypted data E_DATA to the second module wrapper 32 through the bus 33. When the encrypted data E_DATA is received by the second module wrapper 32, the second module wrapper 32 decrypts the encrypted data E_DATA in the stream cipher receiver 321 and provides the decrypted data to a module (not shown) connected to the second module wrapper 32.
In this case, when the encrypted data E_DATA is transmitted through the bus 33, the first module wrapper 31 generates a synchronization signal that is synchronized with a clock signal (not shown) of the bus 33. The synchronization signal switches between logic high and logic low according to the encrypted data E_DATA. For example, the synchronization signal may switch to logic "high" only while the encrypted data E_DATA is being provided to the bus, and may switch to logic "low" while the encrypted data E_DATA is not being provided to the bus.
The synchronization signal generated by the first module wrapper 31 is provided to the stream cipher receiver 321 included in the second module wrapper 32. In an exemplary embodiment of the present invention, the synchronization signal may be provided to the second module wrapper 32 through a dedicated line. Because signals sent through the bus 33 must conform to the bus specification, sending the synchronization signal through a separate dedicated line (not shown) rather than through the bus 33 means that the bus specification does not need to be changed, which improves compatibility. In another exemplary embodiment of the present invention, the synchronization signal may be transmitted through the bus 33 under the control of a bus controller. In yet another exemplary embodiment of the present invention, instead of generating a synchronization signal, the first module wrapper 31 may be synchronized with the second module wrapper 32 by using a control signal of the bus 33. In that case, however, implementation in such a configuration may be complicated.
The stream cipher receiver 321 included in the second module wrapper 32 receives, at the same time, the encrypted data E_DATA from the bus 33 and the synchronization signal generated by the first module wrapper 31. The stream cipher receiver 321 generates a key stream according to the synchronization signal and performs an operation on the encrypted data E_DATA and the key stream, thereby decrypting the data.
Fig. 4 is a block diagram schematically showing an example of a wrapper included in a bus system according to an exemplary embodiment of the present invention.
Referring to Fig. 4, the wrapper 40 includes a stream cipher transmitter (Tx Sc) 41 and a stream cipher receiver (Rx Sc) 42. The stream cipher transmitter (Tx Sc) 41 encrypts a first data signal into a first encrypted data signal E_DATA1 and provides the first encrypted data signal E_DATA1 to the bus. The stream cipher receiver 42 decrypts a second encrypted data signal E_DATA2 received from the bus.
The wrapper 40 sends a first synchronization signal, which switches between logic high and logic low according to the first encrypted data signal E_DATA1, to another module through a separate dedicated line (rather than the bus). In addition, the wrapper 40 receives from another module, through a separate dedicated line (rather than the bus), a second synchronization signal that switches between logic high and logic low according to the second encrypted data signal E_DATA2. In other words, the wrapper 40 may have two separate dedicated lines in addition to the bus. When the different modules are connected in a 1:1 configuration, the wrapper 40 may have two dedicated lines, and when the different modules are connected in a 1:N configuration, the wrapper 40 may have 2N dedicated lines. Here, N is a natural number greater than 1.
Fig. 5 is a block diagram of a bus system in an N:N configuration according to an exemplary embodiment of the present invention.
Referring to Fig. 5, the bus system in an N:N configuration according to an exemplary embodiment of the present invention includes a CPU 51, a PCI 53, a UART 55, and a bus 59. The bus system in an N:N configuration may also include other modules 57. Here, the CPU 51, the PCI 53, and the UART 55 are only examples of modules connected to the bus 59, and the modules may be other modules or any module developed in the future.
Because the bus system of Fig. 5 includes four modules, N is 4 and the bus system of Fig. 5 is in a 4:4 configuration. If a stream cipher transmitter and a stream cipher receiver are operated independently for each pair, the modules of the bus system form 4 × 3 (that is, N × (N-1)) pairs, and 2 × 4 × 3 (that is, 2 × N × (N-1)) stream cipher transmitters/receivers are needed, so the configuration of the bus system may be complicated.
In an exemplary embodiment of the present invention, however, the stream cipher transmitters/receivers share a common seed, so encryption and decryption can be performed with only 2 × 4 (that is, 2 × N) stream cipher transmitters/receivers. As described above, the seed includes a predetermined key and additional information (for example, an initialization vector IV), and the stream cipher transmitters/receivers generate the key stream based on this seed. That is, the first to fourth stream cipher transmitters 521, 541, 561, and 581 and the first to fourth stream cipher receivers 522, 542, 562, and 582 share a common seed, so a bus system in an N:N configuration can be implemented simply by using only 8 units.
In this case, one module may broadcast a synchronization signal to all modules. For example, the CPU wrapper 52 may broadcast a synchronization signal so that the synchronization signal is sent to the PCI wrapper 54, the UART wrapper 56, and the wrapper 58. However, this is only one example of the present invention; the plurality of modules may be divided into at least two groups, and the synchronization signal may be sent to at least one of the at least two groups. For example, if the PCI 53 and the UART 55 are referred to as a first group and the other modules as a second group, the CPU wrapper 52 may send the synchronization signal only to the PCI wrapper 54 and the UART wrapper 56, which are included in the first group.
In an exemplary embodiment of the present invention, the synchronization signal may be a 1-bit signal. Because the bus system of Fig. 5 includes 4 modules, there are 2 × 4 (that is, 2 × N) stream cipher transmitters and receivers; however, 4 × 3 (that is, N × (N-1)) synchronization signals are needed. Therefore, an overhead of 4 × 3 (that is, N × (N-1)) bits is usually generated.
Fig. 6 is a block diagram showing in detail a method of encrypting and decrypting data in a bus system according to an exemplary embodiment of the present invention.
Referring to Fig. 6, the bus system according to an exemplary embodiment of the present invention includes a module core 61 and a wrapper 62. The wrapper 62 includes a stream cipher transmitter (Tx Sc) 621 and a stream cipher receiver (Rx Sc) 622. The wrapper 62 may also include a first operating unit 623 and a second operating unit 634.
Below, the operation of the wrapper 62 is described separately as an encryption operation and a decryption operation.
First, during encryption, the wrapper 62 detects plain text data PD1 input from the module core 61, and the stream cipher transmitter 621 included in the wrapper 62 generates a key stream in synchronization with the clock signal of the bus. As described above, the stream cipher transmitter 621 generates the key stream from a seed that includes a predetermined key and additional information. Here, the generated key stream may be a random number and may be varied in different ways.
The first operating unit 623 included in the wrapper 62 performs an operation on the generated key stream and the plain text data PD1 to generate encrypted data, that is, ciphertext data CD1. Here, in an exemplary embodiment of the present invention, the first operating unit 623 may perform an operation on the generated key stream and the plain text data PD1 to generate the ciphertext data CD1.
Second, during decryption, the wrapper 62 detects encrypted data received from the bus, that is, ciphertext data CD2. In addition, the stream cipher receiver 622 included in the wrapper 62 receives a synchronization signal and generates a key stream according to the synchronization signal. In this case, the seed on which key stream generation is based is the same as the seed of the stream cipher transmitter 621 and of the stream cipher transmitters/receivers of the other modules. The synchronization signal is provided by the module that generated the ciphertext data CD2, and it switches between logic high and logic low according to the ciphertext data CD2. In another exemplary embodiment of the present invention, the wrapper 62 may receive the synchronization signal from other modules.
The stream cipher receiver 622 included in the wrapper 62 performs an operation on the generated key stream and the ciphertext data CD2 and, as a result, generates the decrypted ciphertext data CD2 (that is, plain text data). Here, in an exemplary embodiment of the present invention, the stream cipher receiver 622 may perform an XOR operation on the generated key stream and the ciphertext data CD2 to generate plain text data PD2.
Fig. 7 is a flow chart showing a method of encrypting data according to an exemplary embodiment of the present invention.
Referring to Fig. 7, the method of encrypting data according to an exemplary embodiment of the present invention includes operations performed in time series in the bus system of Fig. 6. Therefore, even where a description is omitted below, the description of the bus system of Fig. 6 also applies to the encryption method according to the exemplary embodiment of the present invention shown in Fig. 7.
Referring to Fig. 7, in operation 71, when data is generated in a module that transmits data, the wrapper connected to that module performs an operation on the data that is to be transmitted through the bus with a key stream generated from a predetermined key, thereby encrypting the data. In an exemplary embodiment of the present invention, an XOR operation may be performed on the data to be transmitted through the bus and the key stream so as to encrypt the data. Here, the key stream is generated based on a seed that includes the predetermined key and additional information, and the key stream may be synchronized with the clock signal of the bus. Here, the additional information may be expressed as an initialization vector.
In operation 72, the wrapper transmits the encrypted data to a predetermined module through the bus. In an exemplary embodiment of the present invention, there may be at least two predetermined modules.
In operation 73, when the encrypted data is transmitted through the bus, a synchronization signal that is logic high is transmitted to the predetermined module. Here, the synchronization signal may be synchronized with the clock signal of the bus. In an exemplary embodiment of the present invention, there may be at least two predetermined modules, and the synchronization signal may be broadcast. Here, the synchronization signal may be transmitted through each dedicated line of the at least two modules, or it may be transmitted under the control of a controller of the bus. In another exemplary embodiment of the present invention, there may be at least two predetermined modules, the at least two predetermined modules may be divided into a plurality of groups, and the synchronization signal may be transmitted to at least one group.
Fig. 8 is a flow chart showing a method of decrypting data according to an exemplary embodiment of the present invention.
Referring to Fig. 8, the method of decrypting data according to an exemplary embodiment of the present invention includes operations performed in time series in the bus system of Fig. 6. Therefore, even where a description is omitted below, the description of the bus system of Fig. 6 also applies to the decryption method according to the current exemplary embodiment of the present invention shown in Fig. 8.
Referring to Fig. 8, in operation 81, the wrapper connected to the module that receives data receives encrypted data from a predetermined module through the bus.
In operation 82, the wrapper receives a synchronization signal that is logic high when the encrypted data is transmitted through the bus. Here, the synchronization signal may be synchronized with the clock signal of the bus.
In operation 83, when the synchronization signal is logic high, the wrapper performs an operation on the encrypted data with a key stream generated from a predetermined key, thereby decrypting the data. In an embodiment of the present invention, an XOR operation may be performed on the key stream and the encrypted data so as to decrypt the encrypted data.
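The encryption and decryption operations of Figs. 7 and 8, together with the synchronization signal of Fig. 3, can be modelled cycle by cycle; the following Python sketch is an added example and is not part of the patent text. It shows that a receiver stays aligned with the transmitter only if it advances its key stream on exactly the sync-high clocks, and what two misaligned receivers holding the same seed recover instead. The key, IV, traffic, class and function names are constructed, and one byte per bus clock and one key stream generator per wrapper direction are modelling assumptions.

```python
# Added example: cycle-level model of the sync-gated stream cipher wrappers.
# KEY, IV, the traffic and all names are constructed for illustration.
# Assumptions: one byte per bus clock, one key stream generator per direction.

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
IV = bytes.fromhex("a1b2c3d4")       # constructed "additional information"
SEED = KEY + IV                      # common seed given to every wrapper
IDLE = 0x00                          # bus value while no E_DATA is driven


class RC4:
    """RC4 key stream generator. Used only because the description names it;
    RC4 is no longer considered secure (RFC 7465 prohibits it in TLS)."""

    def __init__(self, seed: bytes):
        s, j = list(range(256)), 0
        for i in range(256):                       # key scheduling
            j = (j + s[i] + seed[i % len(seed)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def next_byte(self) -> int:
        s = self.s
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + s[self.i]) & 0xFF
        s[self.i], s[self.j] = s[self.j], s[self.i]
        return s[(s[self.i] + s[self.j]) & 0xFF]


class TxWrapper:
    """Stream cipher transmitter: operations 71 to 73."""

    def __init__(self, seed: bytes):
        self.ks = RC4(seed)

    def clock(self, byte):
        """Return (sync, bus_byte) for one bus clock; byte=None means idle."""
        if byte is None:
            return 0, IDLE                         # sync low, no key stream used
        return 1, byte ^ self.ks.next_byte()       # sync high while E_DATA is sent


class RxWrapper:
    """Stream cipher receiver: operations 81 to 83."""

    def __init__(self, seed: bytes, gated: bool = True):
        self.ks, self.gated, self.out = RC4(seed), gated, bytearray()

    def clock(self, sync: int, bus_byte: int) -> None:
        if sync:                                   # decrypt only when sync is high
            self.out.append(bus_byte ^ self.ks.next_byte())
        elif not self.gated:                       # modelled defect: key stream is
            self.ks.next_byte()                    # clocked by the bus clock alone


def simulate(seed: bytes, schedule):
    """Drive the schedule over the bus and return what each observer recovers."""
    tx = TxWrapper(seed)
    rx = {"gated": RxWrapper(seed),                # wired as in Fig. 3
          "free_running": RxWrapper(seed, gated=False),
          "missed_sync": RxWrapper(seed)}          # sync line low for burst 1
    tapped, burst, prev = bytearray(), 0, 0
    for byte in schedule:
        sync, bus_byte = tx.clock(byte)
        burst += 1 if (sync and not prev) else 0   # count rising edges of sync
        prev = sync
        if sync:
            tapped.append(bus_byte)                # what a bus tap observes
        rx["gated"].clock(sync, bus_byte)
        rx["free_running"].clock(sync, bus_byte)
        rx["missed_sync"].clock(sync if burst >= 2 else 0, bus_byte)
    result = {name: bytes(r.out) for name, r in rx.items()}
    result["tapped"] = bytes(tapped)
    return result


# Constructed traffic: idle clocks, a first burst, idle clocks, a second burst.
SCHEDULE = ([None] * 2 + list(b"first burst")
            + [None] * 3 + list(b"second burst"))

if __name__ == "__main__":
    for name, data in simulate(SEED, SCHEDULE).items():
        print(f"{name:13s} {data!r}")
```

In this model the free-running receiver and the receiver that missed the first burst hold the correct seed yet recover neither burst, so every receiver that shares the seed has to observe every sync-high clock of the transmitter it listens to.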
The present invention is not limited to the exemplary embodiments described above, and may be modified as appropriate by those of ordinary skill in the art.
The present invention can also be embodied as computer-readable code on a computer-readable recording medium. The computer-readable recording medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of the computer-readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROM, magnetic tape, hard disks, floppy disks, flash memory, optical data storage devices, and carrier waves (such as data transmission over the Internet). The computer-readable recording medium can also be distributed over networked computer systems so that the computer-readable code is stored and executed in a distributed fashion.
According to the present invention, an operation is performed on data to be sent over a bus using a key stream generated from a predetermined key, so that the data is encrypted, and the encrypted data is sent over the bus to a predetermined module. In addition, a synchronization signal that is logic high while the encrypted data is being sent over the bus is provided to the predetermined module, which decrypts the data with reference to the synchronization signal. Therefore, the security of data sent over the bus can be improved.
In addition, according to the present invention, when power is turned on, the synchronization signal is broadcast and a common seed is shared, so the number of stream cipher transmitters/receivers can be reduced, giving a simple bus system. Furthermore, security can be maintained even when a new module is attached outside the trusted region, so the bus system can be expanded easily. Therefore, the methods of encrypting and decrypting data according to the present invention can be used effectively when at least one separate module is installed outside the chip, when various modules are mounted on a board, when dedicated lines are used, and in an open bus system.
Although the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made without departing from the spirit and scope of the present invention as defined by the claims.
Claims (16)
1. A method of encrypting data, the method comprising:
(a) performing an operation on data to be sent over a bus using a key stream generated from a predetermined key, so as to encrypt the data;
(b) sending the encrypted data over the bus to a predetermined module;
(c) when the encrypted data is sent over the bus to the predetermined module, sending a synchronization signal that switches to logic high,
wherein, in step (c), the synchronization signal is broadcast to at least two predetermined modules.
2. The method of claim 1, wherein an XOR operation is performed on the data and the key stream to encrypt the data.
3. The method of claim 2, wherein the key stream is generated based on a seed comprising the predetermined key and additional information, and the seed is used in common when the encrypted data is decrypted in a module that receives the encrypted data.
4. The method of claim 2, wherein the key stream is generated in synchronization with the clock signal of the bus.
5. The method of claim 1, wherein the synchronization signal is synchronized with the clock signal of the bus.
6. The method of claim 1, wherein, in step (c), the synchronization signal is sent over each of a plurality of dedicated lines of the at least two predetermined modules.
7. The method of claim 1, wherein, in step (c), the synchronization signal is sent to the bus by a controller of the bus.
8. The method of claim 5, wherein the at least two predetermined modules are divided into a plurality of groups, and the synchronization signal is sent to at least one group.
9. A method of decrypting data, the method comprising:
(a) receiving encrypted data over a bus from an encrypting module;
(b) receiving a synchronization signal that is logic high when the encrypted data is sent over the bus;
(c) when the synchronization signal is logic high, performing an operation on the encrypted data using a key stream generated from a predetermined key,
wherein, in step (b), the synchronization signal is broadcast by the encrypting module to at least two predetermined modules.
10. The method of claim 9, wherein the synchronization signal is synchronized with the clock signal of the bus.
11. The method of claim 9, wherein, in step (c), an XOR operation is performed on the encrypted data and the key stream to decrypt the encrypted data.
12. A bus system comprising at least two modules connected to a bus, wherein each module comprises a module core and a wrapper for interfacing the module core with the bus, wherein:
the wrapper encrypts a first data signal generated by the module core to send the encrypted first data signal over the bus, and, when the encrypted first data signal is sent over the bus, outputs a first synchronization signal that switches to logic high;
when a second data signal is sent over the bus, the wrapper decrypts the second data signal received from the bus according to a second synchronization signal that switches to logic high, and provides the decrypted second data signal to the module core,
wherein the first synchronization signal is broadcast to at least two modules that need to decrypt the encrypted first data signal, and the second synchronization signal is broadcast to at least two modules that need to decrypt the second data signal.
13. The system of claim 12, wherein the wrapper comprises:
a stream cipher transmitter that generates a key stream from a predetermined key when the first data signal is generated by the module core;
a stream cipher receiver that generates a key stream according to the second synchronization signal when the second data signal is received from the bus.
14. The system of claim 13, wherein the key stream is generated from a seed comprising the predetermined key and additional information, the seed being applied in common to each module.
15. The system of claim 13, wherein the wrapper further comprises:
a first operating unit that performs an XOR operation on the key stream and the first data signal to generate the encrypted first data signal;
a second operating unit that performs an XOR operation on the key stream and the second data signal to generate the decrypted second data signal.
16. The system of claim 12, wherein the first synchronization signal and the second synchronization signal are sent over each of a plurality of dedicated lines of the at least two modules.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2007-0044699 | 2007-05-08 | ||
KR1020070044699A KR101370829B1 (en) | 2007-05-08 | 2007-05-08 | Method of encrypting and decrypting data, and Bus System using the same |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101304314A CN101304314A (en) | 2008-11-12 |
CN101304314B true CN101304314B (en) | 2013-07-10 |
Family
ID=39969548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810081777.XA Expired - Fee Related CN101304314B (en) | 2007-05-08 | 2008-03-13 | Methods of encrypting and decrypting data and bus system using the methods |
Country Status (4)
Country | Link |
---|---|
US (1) | US20080279371A1 (en) |
JP (1) | JP2008282004A (en) |
KR (1) | KR101370829B1 (en) |
CN (1) | CN101304314B (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8719593B2 (en) * | 2009-05-20 | 2014-05-06 | Harris Corporation | Secure processing device with keystream cache and related methods |
CN201699877U (en) * | 2010-02-05 | 2011-01-05 | 鸿富锦精密工业(深圳)有限公司 | Video encryption signal detecting circuit and video device using same |
US9798873B2 (en) | 2011-08-04 | 2017-10-24 | Elwha Llc | Processor operable to ensure code integrity |
US9575903B2 (en) | 2011-08-04 | 2017-02-21 | Elwha Llc | Security perimeter |
US9460290B2 (en) | 2011-07-19 | 2016-10-04 | Elwha Llc | Conditional security response using taint vector monitoring |
US9170843B2 (en) | 2011-09-24 | 2015-10-27 | Elwha Llc | Data handling apparatus adapted for scheduling operations according to resource allocation based on entitlement |
US8943313B2 (en) | 2011-07-19 | 2015-01-27 | Elwha Llc | Fine-grained security in federated data sets |
US9465657B2 (en) | 2011-07-19 | 2016-10-11 | Elwha Llc | Entitlement vector for library usage in managing resource allocation and scheduling based on usage and priority |
US9298918B2 (en) | 2011-11-30 | 2016-03-29 | Elwha Llc | Taint injection and tracking |
US9471373B2 (en) | 2011-09-24 | 2016-10-18 | Elwha Llc | Entitlement vector for library usage in managing resource allocation and scheduling based on usage and priority |
US9098608B2 (en) | 2011-10-28 | 2015-08-04 | Elwha Llc | Processor configured to allocate resources using an entitlement vector |
US9443085B2 (en) | 2011-07-19 | 2016-09-13 | Elwha Llc | Intrusion detection using taint accumulation |
US8813085B2 (en) | 2011-07-19 | 2014-08-19 | Elwha Llc | Scheduling threads based on priority utilizing entitlement vectors, weight and usage level |
US9558034B2 (en) | 2011-07-19 | 2017-01-31 | Elwha Llc | Entitlement vector for managing resource allocation |
US8955111B2 (en) | 2011-09-24 | 2015-02-10 | Elwha Llc | Instruction set adapted for security risk monitoring |
CN103166753B (en) * | 2013-03-26 | 2015-12-09 | 桂林电子科技大学 | The lightweight stream cipher encrypting method of 4 non-linear drive |
KR102218715B1 (en) * | 2014-06-19 | 2021-02-23 | 삼성전자주식회사 | Semiconductor device for protecting data per channel |
CN105743652B (en) * | 2014-12-11 | 2019-01-22 | 上海华虹集成电路有限责任公司 | Data/address bus encryption method based on address exclusive or |
GB202010806D0 (en) * | 2020-07-14 | 2020-08-26 | Graphcore Ltd | Extended sync network |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5272574A (en) * | 1990-09-19 | 1993-12-21 | Samsung Electronics Co. Ltd. | Recording/playback circuit in a video tape recorder capable of recording a plurality of video signals |
CN1402848A (en) * | 1999-12-02 | 2003-03-12 | 因芬尼昂技术股份公司 | Microprocessor arrangement having encoding function |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS61108277A (en) * | 1984-11-01 | 1986-05-26 | Toshiba Corp | Chargeable broadcast system |
US4780905A (en) * | 1984-11-26 | 1988-10-25 | Nightwatch, Inc. | Computer data encryption system |
JPH09233065A (en) * | 1996-02-23 | 1997-09-05 | Sony Corp | Ciphering device and ciphering method |
JP4083925B2 (en) * | 1999-06-24 | 2008-04-30 | 株式会社日立製作所 | Information processing apparatus, card member, and information processing system |
FR2801751B1 (en) * | 1999-11-30 | 2002-01-18 | St Microelectronics Sa | ELECTRONIC SAFETY COMPONENT |
EP1267515A3 (en) * | 2000-01-21 | 2004-04-07 | Sony Computer Entertainment Inc. | Method and apparatus for symmetric encryption/decryption of recorded data |
US7131004B1 (en) * | 2001-08-31 | 2006-10-31 | Silicon Image, Inc. | Method and apparatus for encrypting data transmitted over a serial link |
US7046803B2 (en) * | 2001-10-06 | 2006-05-16 | Samsung Electronics Co., Ltd. | Random keystream generation apparatus and method for use in an encryption system |
US7242766B1 (en) * | 2001-11-21 | 2007-07-10 | Silicon Image, Inc. | Method and system for encrypting and decrypting data using an external agent |
JP2004023156A (en) | 2002-06-12 | 2004-01-22 | Denso Corp | Encryption communication system and communication system |
JP2004070499A (en) * | 2002-08-02 | 2004-03-04 | Fujitsu Ltd | Memory device, and enciphering/decoding method |
US7248696B2 (en) | 2002-09-12 | 2007-07-24 | International Business Machines Corporation | Dynamic system bus encryption using improved differential transitional encoding |
US7196994B2 (en) * | 2002-10-18 | 2007-03-27 | Matsushita Electric Industrial Co., Ltd. | Information recording medium, information recording apparatus and information reproduction apparatus for the same |
US7702904B2 (en) * | 2002-11-15 | 2010-04-20 | Nec Corporation | Key management system and multicast delivery system using the same |
KR100480998B1 (en) * | 2002-12-16 | 2005-04-07 | 한국전자통신연구원 | Security apparatus and method for digital hardware system |
US20050141716A1 (en) * | 2003-09-29 | 2005-06-30 | Prem Kumar | Coherent-states based quantum data-encryption through optically-amplified WDM communication networks |
2007
- 2007-05-08 KR KR1020070044699A patent/KR101370829B1/en not_active IP Right Cessation
2008
- 2008-02-05 US US12/025,829 patent/US20080279371A1/en not_active Abandoned
- 2008-03-13 CN CN200810081777.XA patent/CN101304314B/en not_active Expired - Fee Related
- 2008-04-09 JP JP2008101626A patent/JP2008282004A/en not_active Ceased
Also Published As
Publication number | Publication date |
---|---|
KR101370829B1 (en) | 2014-03-10 |
KR20080099070A (en) | 2008-11-12 |
JP2008282004A (en) | 2008-11-20 |
US20080279371A1 (en) | 2008-11-13 |
CN101304314A (en) | 2008-11-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101304314B (en) | Methods of encrypting and decrypting data and bus system using the methods | |
KR101088420B1 (en) | Method and apparatus for cryptographically processing data | |
US5345508A (en) | Method and apparatus for variable-overhead cached encryption | |
US7817802B2 (en) | Cryptographic key management in a communication network | |
US5444781A (en) | Method and apparatus for decryption using cache storage | |
CN105790927B (en) | A kind of bus graded encryption system | |
KR101608815B1 (en) | Method and system for providing service encryption in closed type network | |
CN105119715B (en) | Digital circuit is interconnected between a kind of virtual IO pieces of FPGA based on re-encryption algorithm | |
CN101416438A (en) | Control word key store for multiple data streams | |
CN101969376A (en) | Self-adaptive encryption system and method with semantic security | |
CN111832051B (en) | Symmetric encryption and decryption method and system based on FPGA | |
CN210955077U (en) | Bus encryption and decryption device based on state cryptographic algorithm and PUF | |
CN103336920B (en) | Security system for wireless sensor network SOC chip | |
CN102377563A (en) | Method for data stream encryption | |
US7436966B2 (en) | Secure approach to send data from one system to another | |
CN103200007A (en) | Serial advanced technology attachment (SATA) data asymmetrical encryption hardware achieving system based on field programmable gate array (FPGA) | |
KR101375670B1 (en) | Method of encrypting and decrypting data, and Bus System using the same | |
JPH0777933A (en) | Network data ciphering device | |
CN110135187A (en) | A kind of file encryption-decryption system and encipher-decipher method based on PUF | |
US11909893B2 (en) | Composite encryption across cryptographic algorithms | |
JPH0491531A (en) | Confidential data transferring method using ic card | |
JP3164347B2 (en) | IC tag | |
KR101758232B1 (en) | method of encryption or decryption a data block, apparatus for encryption or decryption a data block, and storage medium for storing a program for encryption or decryption a data block | |
CN118659885A (en) | IIC interface encryption device and method based on RSA algorithm | |
CN118157930A (en) | Method, device, equipment and medium for encrypting transmission data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20130710 Termination date: 20210313 |